We have servers
and we generate certbot certificate and the certificate will be expire after 3 months is there anyway that our certificate will go minimum for one year even its paid .
Hi @malik,
No, Let's Encrypt does not offer any paid certificates or any certificate with a different expiration time.
You might want to look at a different certificate authority. For example, Sectigo and ZeroSSL apparently support issuing paid certificates using the same ACME protocol as Let's Encrypt
Thank you for your replay my concern is i dont need ssl certificate for website i have IKEv2 VPN server and certificate i need its cert.pem chain.pem fullchain.pem privkey.pem these certificate im looking for atleast one year life .
The certificates from Let's Encrypt and other CAs can be used for protecting any kind of TLS connection, whether it's a web service or some other kind of service. Even if the certificate authorities' documentation mainly mentions web servers (which are by far the most common use for TLS), the certificates can still be used in other environments.
Thank You sir
i have one more thing to ask
is it legal if i create a bash script to for to renew certificate with crontab ?
Yes, perfectly legal and encouraged. One of the main drivers for short certificate lifetimes is to encourage automation of the renewal process.
1 Like
This is common practice. If you'd use the ACME client called certbot, you just have to run certbot renew to renew all certificates due for renewal.
Let's Encrypt advises to renew after 60 days of the 90 day lifetime. So if anything does go wrong, you've got 30 days to fix the issue before you end up with an expired certificate.
1 Like
I dunno. The topic is somewhat ambiguous. But OP specifically asked about paying for longer lived certs in the body.
1 Like
@malik you may also want to look at the --deploy-hook option, if you're using Certbot.
This could be especially useful in certain cases where you're using Certbot to secure a service that's not a web site. In particular, in this case Certbot will run a script (of your choice) to "deploy" the new certificate after a renewal. (For example, that script could copy the new certificate, chain, and key files elsewhere on the system, or run a command to reload a service that is going to be using the new certificate.)
As @rmbolger mentioned, it's encouraged by Let's Encrypt to use scripts and automation to renew certificates. Let's Encrypt has rate limits
that will prevent you from getting an unreasonably large number of duplicative certificates in a short period of time, but there are no other restrictions on interacting with the certificate authority using automation.
Certbot's certbot renew feature and many other ACME clients' renewal features will respect these rate limits, by attempting renewal requests only during the later 1/3 of each certificate's lifetime.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.